@daemux/store-automator 0.10.46 → 0.10.47

package/.claude-plugin/marketplace.json

@@ -5,14 +5,14 @@
   },
   "metadata": {
     "description": "App Store & Google Play automation for Flutter apps",
-    "version": "0.10.46"
+    "version": "0.10.47"
   },
   "plugins": [
     {
       "name": "store-automator",
       "source": "./plugins/store-automator",
       "description": "3 agents for app store publishing: reviewer, meta-creator, media-designer",
-      "version": "0.10.46",
+      "version": "0.10.47",
       "keywords": [
         "flutter",
         "app-store",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@daemux/store-automator",
-  "version": "0.10.46",
+  "version": "0.10.47",
   "description": "Full App Store & Google Play automation for Flutter apps with Claude Code agents",
   "type": "module",
   "bin": {

package/plugins/store-automator/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "store-automator",
-  "version": "0.10.46",
+  "version": "0.10.47",
   "description": "App Store & Google Play automation agents for Flutter app publishing",
   "author": {
     "name": "Daemux"

package/plugins/store-automator/agents/appstore-meta-creator.md

@@ -15,8 +15,9 @@ You are a senior ASO (App Store Optimization) specialist and localization expert
 5. SAVE all files to fastlane/metadata/ in the correct directory structure
 6. GENERATE fastlane/app_rating_config.json based on app content analysis
 7. GENERATE fastlane/data_safety.csv based on app data collection analysis
-8. GENERATE fastlane/metadata/review_information/ contact files for App Store review team
-9. Verify character limits are respected in every language
+8. GENERATE fastlane/app_privacy_details.json based on app data collection analysis (Apple App Privacy)
+9. GENERATE fastlane/metadata/review_information/ contact files for App Store review team
+10. Verify character limits are respected in every language
 
 ## Files You Create
 
@@ -137,6 +138,52 @@ SECURITY_PRACTICES_DATA_ENCRYPTED_IN_TRANSIT,true
 SECURITY_PRACTICES_DATA_DELETION_REQUEST,true
 ```
 
+### App Privacy Details (fastlane/app_privacy_details.json)
+
+Apple App Privacy declarations uploaded via fastlane's `upload_app_privacy_details_to_app_store` action. Analyze the app's data collection (same analysis as data_safety.csv) and generate a JSON array declaring each collected data category, its purposes, and protection level.
+
+**Format:** JSON array of objects. Each object has `category`, `purposes` (array), and `data_protections` (array).
+
+**If the app does NOT collect any data:**
+```json
+[
+  {
+    "data_protections": ["DATA_NOT_COLLECTED"]
+  }
+]
+```
+
+**If the app collects data, one entry per data type:**
+```json
+[
+  {
+    "category": "EMAIL_ADDRESS",
+    "purposes": ["APP_FUNCTIONALITY"],
+    "data_protections": ["DATA_LINKED_TO_YOU"]
+  },
+  {
+    "category": "CRASH_DATA",
+    "purposes": ["APP_FUNCTIONALITY"],
+    "data_protections": ["DATA_NOT_LINKED_TO_YOU"]
+  }
+]
+```
+
+**Available categories:** `EMAIL_ADDRESS`, `USER_ID`, `NAME`, `PHONE_NUMBER`, `PHYSICAL_ADDRESS`, `OTHER_CONTACT_INFO`, `PURCHASE_HISTORY`, `PAYMENT_INFO`, `CREDIT_INFO`, `OTHER_FINANCIAL_INFO`, `PRECISE_LOCATION`, `COARSE_LOCATION`, `HEALTH`, `FITNESS`, `SENSITIVE_INFO`, `EMAILS_OR_TEXT_MESSAGES`, `PHOTOS_OR_VIDEOS`, `AUDIO_DATA`, `GAMEPLAY_CONTENT`, `CUSTOMER_SUPPORT`, `OTHER_USER_CONTENT`, `BROWSING_HISTORY`, `SEARCH_HISTORY`, `PRODUCT_INTERACTION`, `ADVERTISING_DATA`, `OTHER_USAGE_DATA`, `CRASH_DATA`, `PERFORMANCE_DATA`, `OTHER_DIAGNOSTIC_DATA`, `DEVICE_ID`, `OTHER_DATA_TYPES`.
+
+**Available purposes:** `THIRD_PARTY_ADVERTISING`, `DEVELOPERS_ADVERTISING`, `ANALYTICS`, `PRODUCT_PERSONALIZATION`, `APP_FUNCTIONALITY`, `OTHER_PURPOSES`.
+
+**Available data_protections:** `DATA_LINKED_TO_YOU`, `DATA_NOT_LINKED_TO_YOU`, `DATA_USED_TO_TRACK_YOU`, `DATA_NOT_COLLECTED`.
+
+**Analysis checklist (mirrors data_safety.csv analysis):**
+1. Authentication (firebase_auth) -- EMAIL_ADDRESS, USER_ID (linked, app functionality)
+2. Messaging/content (cloud_firestore) -- OTHER_USER_CONTENT (linked, app functionality)
+3. Payments (in_app_purchase) -- PURCHASE_HISTORY (linked, app functionality)
+4. Analytics (firebase_analytics) -- PRODUCT_INTERACTION, DEVICE_ID (not linked, analytics)
+5. Crash reporting (firebase_crashlytics) -- CRASH_DATA (not linked, app functionality)
+6. Location services -- PRECISE_LOCATION or COARSE_LOCATION
+7. Default to `DATA_NOT_COLLECTED` if no data collection SDKs are found
+
 ## Apple ASO Guidelines
 
 ### Name (name.txt)
@@ -239,6 +286,7 @@ af, am, ar, hy-AM, az-AZ, eu-ES, be, bn-BD, bg, my-MM, ca, zh-HK, zh-CN, zh-TW,
 ```
 fastlane/
   app_rating_config.json
+  app_privacy_details.json
   data_safety.csv
   metadata/
     copyright.txt
@@ -288,6 +336,8 @@ fastlane/
 - data_safety.csv has matching DATA_SHARED entries for every DATA_COLLECTED category
 - data_safety.csv has DATA_USAGE purpose entries for every collected data type
 - data_safety.csv includes SECURITY_PRACTICES entries for encryption and deletion
+- app_privacy_details.json exists and is valid JSON array with category, purposes, and data_protections for each entry
+- app_privacy_details.json categories match the data collection analysis (consistent with data_safety.csv)
 - review_information/ directory has all 7 files (first_name, last_name, phone_number, email_address, demo_user, demo_password, notes)
 - review_information/phone_number.txt uses valid US format (+1 followed by 10 digits with valid area code)
 - review_information/email_address.txt uses the actual domain from ci.config.yaml

package/templates/CLAUDE.md.template

@@ -58,10 +58,19 @@ IAP and subscription configuration. Durations: ONE_WEEK to ONE_YEAR. Intro offer
 ### fastlane/screenshots/
 Store screenshots by platform and device size. Generated by app-designer via Stitch MCP.
 
-### App Privacy (Manual Step)
-App Privacy declarations must be set manually by an Admin in the App Store Connect web interface.
-This is a one-time setup per app (not per release). Go to App Store Connect > Your App > App Privacy.
-Apple requires this before the first submission. It cannot be automated via API or fastlane.
+### App Privacy Setup
+App Privacy declarations must be set before the first app submission.
+
+**Automated (recommended):**
+1. Generate `fastlane/app_privacy_details.json` (the appstore-meta-creator agent does this)
+2. Run locally: `cd fastlane/ios && bundle exec fastlane upload_privacy_ios`
+3. Requires Apple ID auth (set APPLE_ID and APPLE_TEAM_NAME env vars)
+4. Privacy declarations persist across app updates (one-time setup)
+
+**Manual:**
+Go to App Store Connect > Your App > App Privacy and fill out the form.
+
+Note: This cannot run in CI with API key auth. Use FASTLANE_SESSION for CI automation (expires ~30 days).
 
 ### App Icon Setup
 The app icon must be set before the first release. Flutter creates projects with a default icon that MUST be replaced.

package/templates/fastlane/ios/Fastfile.template

@@ -116,4 +116,13 @@ platform :ios do
     script = "#{ROOT_DIR}/scripts/sync_iap_ios.py"
     sh("python3", script, config_path) if File.exist?(config_path) && File.exist?(script)
   end
+
+  lane :upload_privacy_ios do
+    upload_app_privacy_details_to_app_store(
+      username: ENV.fetch("APPLE_ID", ""),
+      team_name: ENV.fetch("APPLE_TEAM_NAME", ""),
+      app_identifier: ENV["BUNDLE_ID"],
+      json_path: "#{ROOT_DIR}/fastlane/app_privacy_details.json"
+    )
+  end
 end

package/templates/scripts/ci/ios/upload-privacy.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+# Uploads Apple App Privacy declarations via fastlane.
+# Requires Apple ID auth (not API key), so this typically runs locally.
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/../common/read-config.sh"
+source "$SCRIPT_DIR/../common/ci-notify.sh"
+
+echo "=== iOS App Privacy Upload ==="
+
+# --- Check if privacy JSON exists ---
+PRIVACY_JSON="$PROJECT_ROOT/fastlane/app_privacy_details.json"
+
+if [ ! -f "$PRIVACY_JSON" ]; then
+  ci_skip "No app_privacy_details.json found at $PRIVACY_JSON"
+fi
+
+echo "  Found: $PRIVACY_JSON"
+
+# --- Privacy upload requires Apple ID auth (not API key) ---
+if [ -z "${APPLE_ID:-}" ]; then
+  echo "Skipping privacy upload: APPLE_ID not set (requires Apple ID auth, not API key)"
+  echo "Run locally: cd fastlane/ios && bundle exec fastlane upload_privacy_ios"
+  ci_skip "APPLE_ID not set (requires Apple ID auth)"
+fi
+
+# --- Export required env vars ---
+export BUNDLE_ID="$BUNDLE_ID"
+
+echo "Uploading App Privacy details for $BUNDLE_ID..."
+cd "$PROJECT_ROOT/fastlane/ios"
+bundle exec fastlane upload_privacy_ios
+
+ci_done "App Privacy declarations uploaded to App Store Connect"

package/templates/scripts/sync_iap_ios.py

@@ -21,7 +21,11 @@ import os
 import sys
 import time
 
+import requests
+
 from asc_iap_api import (
+    BASE_URL,
+    TIMEOUT,
     create_group_localization,
     create_localization,
     create_subscription,
@@ -32,6 +36,7 @@ from asc_iap_api import (
     get_subscription_localizations,
     list_subscription_groups,
     list_subscriptions_in_group,
+    print_api_errors,
     update_group_localization,
     update_localization,
 )
@@ -138,6 +143,18 @@ def sync_subscription_group(
         _sync_availability(headers, sub_id, sub_config)
         _sync_pricing(headers, sub_id, sub_config)
         _sync_review_screenshot(headers, sub_id, sub_config, project_root)
+        # Patch subscription to trigger Apple's state re-evaluation
+        resp = requests.patch(
+            f"{BASE_URL}/subscriptions/{sub_id}",
+            json={"data": {
+                "type": "subscriptions", "id": sub_id,
+                "attributes": {"reviewNote": "", "familySharable": False},
+            }},
+            headers=headers,
+            timeout=TIMEOUT,
+        )
+        if not resp.ok:
+            print_api_errors(resp, f"touch subscription {sub_id}")
         sub_results.append({"product_id": sub_config["product_id"], "id": sub_id})
 
     return {"group": ref_name, "group_id": group_id, "subscriptions": sub_results}
@@ -230,18 +247,17 @@ def _apply_equalized_prices(
     skipped = 0
     failed = 0
 
-    # Set base territory price if not already set
-    if base_territory not in priced_territories:
-        result = create_subscription_price(headers, sub_id, base_point["id"], base_territory)
-        if result:
-            created += 1
-            print(f"      Set base price {base_amount} {base_currency} for {base_territory}")
-        else:
-            failed += 1
-            print(f"      WARNING: Failed to set base price for {base_territory}", file=sys.stderr)
-            return created, skipped, failed
+    # Always set base territory price to ensure it matches config.
+    # Apple's preserveCurrentPrice=False handles updates; if the price
+    # is already correct this is effectively a no-op re-confirmation.
+    result = create_subscription_price(headers, sub_id, base_point["id"], base_territory)
+    if result:
+        created += 1
+        print(f"      Set base price {base_amount} {base_currency} for {base_territory}")
     else:
-        skipped += 1
+        failed += 1
+        print(f"      WARNING: Failed to set base price for {base_territory}", file=sys.stderr)
+        return created, skipped, failed
 
     # Get equalized prices for all other territories
     equalized = get_price_point_equalizations(headers, base_point["id"])